From: Remi Gacogne Date: Thu, 6 Oct 2022 07:55:48 +0000 (+0200) Subject: auth: Detect invalid bytes in makeBytesFromHex() X-Git-Tag: rec-4.8.0-beta2~7^2~2 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=4c74f5a164bf485ee7dd3ac9c6096ffb904db29f;p=thirdparty%2Fpdns.git auth: Detect invalid bytes in makeBytesFromHex() Also only allocate the required number of bytes, not twice that. (cherry picked from commit 50953de897023742e43d3feab976b891be1c6e63) --- diff --git a/pdns/misc.cc b/pdns/misc.cc index 66dbb497db..f760a957ab 100644 --- a/pdns/misc.cc +++ b/pdns/misc.cc @@ -599,14 +599,18 @@ string makeBytesFromHex(const string &in) { throw std::range_error("odd number of bytes in hex string"); } string ret; - ret.reserve(in.size()); + ret.reserve(in.size() / 2); + unsigned int num; - for (size_t i = 0; i < in.size(); i+=2) { - string numStr = in.substr(i, 2); + for (size_t i = 0; i < in.size(); i += 2) { + const auto numStr = in.substr(i, 2); num = 0; - sscanf(numStr.c_str(), "%02x", &num); - ret.push_back((uint8_t)num); + if (sscanf(numStr.c_str(), "%02x", &num) != 1) { + throw std::range_error("Invalid value while parsing the hex string '" + in + "'"); + } + ret.push_back(static_cast(num)); } + return ret; } diff --git a/pdns/test-misc_hh.cc b/pdns/test-misc_hh.cc index 3dd8f9c093..f519048409 100644 --- a/pdns/test-misc_hh.cc +++ b/pdns/test-misc_hh.cc @@ -387,6 +387,8 @@ BOOST_AUTO_TEST_CASE(test_makeBytesFromHex) { BOOST_CHECK_EQUAL(out, "\x12\x34\x56\x78\x90\xab\xcd\xef"); BOOST_CHECK_THROW(makeBytesFromHex("123"), std::range_error); + + BOOST_CHECK_THROW(makeBytesFromHex("1234GG"), std::range_error); } BOOST_AUTO_TEST_SUITE_END()
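Review bot: The new `sscanf(numStr.c_str(), "%02x", &num) != 1` check in the loop of makeBytesFromHex() only rejects pairs where no hex digit can be converted at all, so malformed pairs still pass. `%x` skips leading whitespace, accepts a sign and stops at the first non-hex character, so `"1G"` and `" 1"` should both yield 0x01, and `"-1"` should yield 0xff after the cast truncates it. Validating both characters before converting closes this, e.g. `if (!isxdigit(static_cast<unsigned char>(numStr[0])) || !isxdigit(static_cast<unsigned char>(numStr[1]))) { throw std::range_error("Invalid value while parsing the hex string"); }` (needs `<cctype>` if it is not already included). Separately, the exception text embeds the whole input `in`; if any caller passes key material or other secrets as hex, that string can end up in logs, so confirm the callers or drop the input from the message. The function's opening length check sits above the hunk and was not reviewed here.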
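Review bot: The added case `makeBytesFromHex("1234GG")` in test_makeBytesFromHex only covers a pair where neither character is a hex digit, which is the one shape the `sscanf(...) != 1` check is sure to reject. Pairs that `%02x` converts partially are not covered, and these are the inputs most likely to slip through. Adding `BOOST_CHECK_THROW(makeBytesFromHex("121G"), std::range_error);`, `BOOST_CHECK_THROW(makeBytesFromHex("12 1"), std::range_error);` and `BOOST_CHECK_THROW(makeBytesFromHex("12-1"), std::range_error);` would pin the intended strictness. These are expected to fail until the parser checks both characters of each pair. The test case begins above the hunk, so earlier assertions may already cover some of this.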